[Doc] Optimize class registration doc (#1027)

* refine register exception msg * refine register doc * revert copy
apache · Oct 26, 2023 · 56b5a15 · 56b5a15
1 parent f8883ee
commit 56b5a15
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -153,7 +153,7 @@ public class Example {
       Fury fury = Fury.builder().withLanguage(Language.JAVA)
         // Allow to deserialize objects unknown types, more flexible 
         // but may be insecure if the classes contains malicious code.
-        // .requireClassRegistration(false)
+        .requireClassRegistration(false)
         .build();
       // Registering types can reduce class name serialization overhead, but not mandatory.
       // If class registration enabled, all custom types must be registered.
@@ -165,7 +165,7 @@ public class Example {
       ThreadSafeFury fury = Fury.builder().withLanguage(Language.JAVA)
         // Allow to deserialize objects unknown types, more flexible 
         // but may be insecure if the classes contains malicious code.
-        // .requireClassRegistration(false)
+        .requireClassRegistration(false)
         .buildThreadSafeFury();
       byte[] bytes = fury.serialize(object);
       System.out.println(fury.deserialize(bytes));

diff --git a/docs/guide/DEVELOPMENT.md b/docs/guide/DEVELOPMENT.md
@@ -1,3 +1,7 @@
+<!-- fury_frontmatter --
+title: Java Object Graph Guide
+order: 5
+-- fury_frontmatter -->
 # How to build to Fury
 
 ## Get the source code

diff --git a/docs/guide/java_object_graph_guide.md b/docs/guide/java_object_graph_guide.md
@@ -31,7 +31,7 @@ public class Example {
     Fury fury = Fury.builder().withLanguage(Language.JAVA)
       // Allow to deserialize objects unknown types, more flexible 
       // but may be insecure if the classes contains malicious code.
-      // .requireClassRegistration(false)
+      .requireClassRegistration(false)
       .build();
     // Registering types can reduce class name serialization overhead, but not mandatory.
     // If class registration enabled, all custom types must be registered.

diff --git a/java/fury-core/src/main/java/io/fury/resolver/ClassResolver.java b/java/fury-core/src/main/java/io/fury/resolver/ClassResolver.java
@@ -1132,8 +1132,10 @@ private Serializer createSerializer(Class<?> cls) {
       String msg =
           String.format(
               "%s is not registered, please check whether it's the type you want to serialize or "
-                  + "a **vulnerability**. If safe, registering class by "
-                  + "`Fury#register` will have better performance by skipping classname serialization",
+                  + "a **vulnerability**. If safe, you should invoke `Fury#register` to register class, "
+                  + " which will have better performance by skipping classname serialization. "
+                  + "If your env is 100%% secure, you can also avoid this exception by disabling class "
+                  + "registration check using `FuryBuilder#requireClassRegistration(false)`",
               cls);
       boolean forbidden = BlackList.getDefaultBlackList().contains(cls.getName());
       if (forbidden || !isSecure(extRegistry.registeredClassIdMap, cls)) {